This site contains information relating to some recent libpng vulnerabilities. documents The original bug report patches [moved to http://libpng.sf.net in [DOWNLOAD]) A set of patches that can be applied to versions of libpng as far back as libpng-0.89c to eliminate the new vulnerabilities PATCHING.txt is an index to the patches and also has a method of making libpng *applications* invulnerable to the worst of the vulnerabilities. images Various png files that may trigger the vulnerabilities. A png file with a bad tRNS chunk, plus copies of it with .gif or .jpg extension, and an HTML page for each. src beta versions of libpng-1.2.6. [moved to http://libpng.sf.net in [DOWNLOAD]) src/history Old patch sets and libpng versions Here are the CVE names: > 1) Remotely exploitable stack-based buffer overrun in png_handle_tRNS > (pngrutil.c) > 2) Dangerous code in png_handle_sBIT (pngrutil.c) (Similar code in > png_handle_hIST). CAN-2004-0597 for these (we merge issues that have the same flaw type that get fixed in the same versions). > 3) Possible NULL-pointer crash in png_handle_iCCP (pngrutil.c) (this > flaw is duplicated in multiple other locations). CAN-2004-0598 for those. > 4) Theoretical integer overflow in allocation in png_handle_sPLT > (pngrutil.c) > 5) Integer overflow in png_read_png (pngread.c) > 6) Integer overflows during progressive reading. > 7) Other flaws. [integer overflows] CAN-2004-0599 for those. Web space provided by graphicsmagick.org, thanks to Bob Friesenhahn. Site maintained by Glenn Randers-Pehrson . If you need these: Glenn's PGP public key (new key 27 October 04 replaces previous one which is no good): -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.6 (GNU/Linux) mQGiBEGCDvQRBADmTzR1TfIPvRhuUSjoXRas2GaoH6NhMWOhXPRlVCE8uPPZxsS5 pGR3wMnBqzHtH8n6QDRJvtumhAZpmOdOXkI6e9Xhwokn6UBHk4OPvWgmUhWJKzI5 v5Y8F+FCEIV4j7x8WXWUbiiw790JGgVgNLKKhG93LN6Gk+YuTcCrIZgbDwCguZfp J9FsubaCLbnEe1UdBgmqbxsEAMebCKDLr3oXaFiz4Cj8F+d22mv0Gt9j+XZKR+CO tT2BVAdU5tmjKxaesgWwFqWvQlQSaS8+2iteWeUb6Lg8q1YGJhwH9fQuX7+qL7yQ +/kKRt727V6YKhVbHCFMujUJVh6sECCV3aP4ZlDghlpykK07PzzgWVxko6zAmRfH +7+cA/9aAN02W4xi5JoHhsrm2cGj+MNr0BvGQ3jjL1AN0vJ48mDLJuMuLbFEnp/z 2qS3LThEKV5vVQ5vCCMxz/JKYfBErcAE7AWfZrIK8vNcFqy95Uhh3GnvCwLo/WCE hO2v68/WLwdeQhw4O39fEIbonjP/YlbB8Wol/iToPjEoXi6VE7Q4R2xlbm4gUmFu ZGVycy1QZWhyc29uIChsaWJwbmcpIDxnbGVubnJwQGltYWdlbWFnaWNrLm9yZz6I XgQTEQIAHgUCQYIO9AIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRAV64VjAAMe flyaAJwI+CkKLCtPJ0qtaa89kfIve1kxiACfQ/eZUoJugB4E3eXeH2xHp7hwnIC5 AQ0EQYIO9RAEAPpJJjUO9ilwRA652bS6sWfwl9UTDruLPA7FpAR3qHm5NJlL7se6 /bqW5kFawr98Y/qiKTURmW6XJeZDwjHSUKPe52RD1pmY+wBUE7S91nE1gX7bhJ2/ bBoyK+rE/CfM+NtgCZyXCeEL4ZTsQoKzuDElX8tNr9pzthUIOjyigW6DAAMGA/9f 1kqSoN6CK/fUF1Bq5SUuKROXzVgQpWbl8Bzb47F6NS6ppGPJCJ01o1TvdrtsZ69a XAgJxRsNor797ultUeOO88ixWZLanTLNodXWNOKn1BNGceRyw1JBMkAEPy/zV54X qrJc1gb2VkMN/sYMtrqcoSwWsvztt1qrDcA0TRMzJIhJBBgRAgAJBQJBgg71AhsM AAoJEBXrhWMAAx5+NsIAoKprj4aqqgoILIOwlCndVxFbaQxGAKCn8l+C+r+0t02i OMCavw1dWRHnAA== =UQKZ -----END PGP PUBLIC KEY BLOCK-----